II. AMENDMENTS TO THE CLAIMS:

This listing of claims replaces all prior versions, and listings, of claims of the application.

1. (Original) A security system for controlling access to one or more application functions
located on a server or accessible via server, each application function having an associated 
security level, wherein one or more clients communicate with said server by means of requests 
for accessing one of said application functions using a network, wherein access to said 
application functions is controlled by security requirements, comprising: 

an authentication component functionally separated from said clients and said application 
functions for processing said client request independently of said client type, containing more 
than one authentication mechanisms and selecting and executing an authentication mechanism 
from said more than one authentication mechanisms based on the information contained in the 
client request resulting in a security state; 

a security component containing a security policy describing security requirements (security 
level) for accessing application functions, comparing said security state associated with said
client with the security level of the application function and allowing access to the application
function if the security state fulfills the security level.

2. (Original) A system according to claim 1, wherein said clients are PVC-devices.

3. (Original) A system according to claim 1, wherein said authentication component and said 
security component are integrated in one component stored on a server. 

4. (Original) A system according to claim 1, whereby said authentication component consists of 
security plug-ins whereby each authentication mechanism is laid down in a separate security 
plug-in. 

5. (Original) A system according to claim 4, whereby the authentication mechanism may be 
UserID/Password, Challenge/Response or digital signature.

6. (Currently amended) A system according to claim 2 further comprising: 

a component (ADL) for converting PVC-device specific requests into canonical requests before
said request is used by said authentication component.

7. (Original) A method for controlling access to one or more application functions stored on a
server or accessible via server, each application function having an associated security level, 
wherein one or more clients communicate with said server by means of requests for accessing 
one of said application functions using a network, whereby access to said application functions is 
controlled by a security requirements, comprising the steps of: 

routing all incoming requests created by said clients to an authentication component which is
functionally independent from said clients and said application functions, said authentication 
component comprising the steps of: 

authentication of said client by determining an authentication mechanism provided by said 
authentication component by means of authentication information contained in said request and 
applying said authentication mechanism; 

storing a result of said authentication and said authentication information or parts of it contained 
in said request as a security state; 

using security requirements for said one of said application functions to be accessed;

comparing said stored security state with said security requirements for accessing the requested 
application function; and 

invoking said requested application function if said security state fulfills said security 
requirements. 

8. (Original) A method according to claim 7 wherein said incoming requests are canonical 
requests. 

9. (Original) A method according to claim 8 wherein said canonical requests are created by a
Device Adaptation Layer which converts client specific requests into canonical requests. 

10. (Original) A method according to claim 7 comprising the further steps of:

creating a session identifier when establishing a communication between a client and a server 
and using said session identifier in all requests and responses between said client and said server. 

11. (Original) A method according to claim 10 whereby said session identifier and said security
state are placed in a cookie, whereby said cookie is inserted into each request and response
between said client and said server. 

12. (Original) A method according to claim 7 wherein said clients are PVC-devices. 

13. (Currently amended) A computer program comprising computer program code portions for
performing respective steps of the method according to claims 7 to 12 when the program is
executed in a computer. 

14. (Currently amended) A computer program product stored on a computer-readable media
containing software code for performing of the method according to one of the claims 7 to 12 if 
the program product is executed on the computer. 

15. (Currently amended) A client-server system, wherein one or more clients, having client types,
communicate with a server by means of requests for accessing application functions located on or
accessible via said server, wherein access to said application functions is controlled by a security 
system located on said server, wherein said security system comprises: 

an authentication component, functionally separated from said one or more clients and said 
application functions for processing client request independently of client type, containing one or
more a plurality of authentication mechanisms and selecting and executing an authentication
mechanism from said a plurality of authentication mechanisms based on the information
contained in the client request, resulting in a security state; 

a security component containing a security policy describing security requirements (security
level) for accessing application functions, comparing said security state associated to a client
with the security level of the application function and allowing access to the specified application
function if the security state fulfills the security level. 